You know, I’ve seen soooo many antivirus vendors that are somewhat ethically challenged claim that cookie files are a big threat, or in worse cases files that the “free” antivirus test downloaded are dangerous “you should be glad we got here in time – where’s our $30 to fix things…” kind of message, but from a mainline, well known antivirus vendor you expect better…. Over at Spyware Confidential, after an online scan at a leading AV vendor, they’ve received a couple of emails explaining the great danger their computer is in after the scan turned up 0 viruses and 0 infected files.
Tag: antivirus
-
New malware sightings
Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can’t bet on antivirus to keep you safe (the initial installer was not detected by most AV vendors – suspicious by 1.) (If you think about it, this makes perfect sense – antivirus is reactionary and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all their friends.
-
Symantec Antivirus Remotely Exploitable Vulnerability
This is bad – who’s defending the defender? eEye Security has announced a bulletin regarding a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. They say other versions MAY be vulnerable; they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”.
They have released IDS updates to try to detect attempted exploits of this….
-
Computer security day….
A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your pc’s are clean from “bugs” and help your friends do likewise. Spread the word, we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. (Kind of like the installfests, Linux User groups have only an uninstallfest.)” Anyway, it looks as though Switzerland does something like this… According to incidents.org it’s called Swiss Security day.
-
Zero-day (0-day) Microsoft Word exploit
There was some news on this last night at Incidents.org, today F-Secure has some details as well on the trojan that’s dropped in this circulating exploit. It seems as though the initial attack was very targeted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, although it’s looking like F-Secure now has detection and I would suspect other AV vendors.
Essentially, one organization reported in to incidents that they were receiving emails with MS Word attachments. One user noticed that a domain name in the email wasn’t exactly correct…
-
Nugache the latest in bot-net technology… and why you should care about botnets…
To show you where the threat with bot networks is going, there’s a story today on Nugache (Symantec summary), which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and essentially have no “human readable strings” in any of its communications. The encryption of its connections makes it harder for IDS to catch it (as they rely on signatures of traffic).
-
Would you trust antispyware that installed adware?
There are a couple stories on SpywareCleaner’s recent practice of bundling WhenU with the free version of their “antispyware scanner”. According to Spyware Confidential, SpywareCleaner made the rogue antispyware products list and was delisted after they corrected some “issues”. Now, they’ve been relisted due to the adware bundling of WhenU Save.
-
Interesting spyware push download tactic…
Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the DNS record so that they can get traffic to {fillinkeyword}.nastydomain.com.) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the little ActiveX control popdown bar and insists that it must be installed to view the page properly. But that’s not the most interesting part…
-
A Deeper look at Nyxem
First I should raise an alarm of warning on this one: this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so February 3rd we may be seeing some problems. Don’t wait until then to make sure you have current antivirus definitions. The Nyxem virus, though, does something else interesting.
-
Symantec fixes possible rootkit issue
Brian Krebs at the SecurityFix has the story. Symantec has fixed a problem with their SystemWorks and SystemWorks Premier software that could allow malicious software to hide in the Norton Protected Recycle Bin. That software could have used the nprotect directory to evade detection by antivirus and antispyware programs.